125 matches found
CVE-2019-16889
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service disk consumption because .cache files in /var/run/beaker/containerfile/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The...
CloudBees Jenkins Beaker Builder Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Dependency Graph Viewer Plugin is used in...
CVE-2019-10398
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10398
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10398
The CVE-2019-10398 entry concerns Jenkins Beaker Builder Plugin (versions ≤ 1.9). The vulnerability arises from credentials being stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling users with file-system access to view them. Impact is credential disclosur...
CVE-2019-10398
Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
PT-2019-11792 · Jenkins · Jenkins Beaker Builder Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Beaker Builder Plugin versions 1.9 and earlier Description: The issue concerns the storage of credentials in the Jenkins Beaker Builder Plugin. Specifically, the plugin stored credentials unencrypted in its global configuration file o...
Cross site scripting
Cross-site scripting XSS vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job...
Design/Logic Flaw
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively...
Xxe
XML external entity XXE vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system...
CVE-2015-3163
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively...
CVE-2015-3160
XML external entity XXE vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system...
CVE-2015-3162
Cross-site scripting XSS vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job...
CVE-2015-3161
The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON...
Code injection
The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON...
CVE-2015-3162
Cross-site scripting XSS vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job...
CVE-2015-3163
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively...
CVE-2015-3162
CVE-2015-3162 affects Beaker 20.1 in the Beaker project. Description: a Cross-site scripting (XSS) vulnerability in the edit comment dialog (bkr/server/widgets.py) enables remote authenticated users to inject arbitrary web script or HTML by writing a crafted comment on an acknowledged or nacked c...
CVE-2015-3161
The CVE affects Beaker prior to version 20.1. The search bar code in bkr/server/widgets.py fails to escape tags in string literals when producing JSON, enabling potential cross‑site/script injection via JSON output. The Beaker vulnerability is described consistently across sources (NVD/NVD-deriv...